Easy · 1 mark · Multiple Choice
CPA · Question 41 · Area II: Security
Under the CIS Controls (Center for Internet Security), Control 1 is 'Inventory and Control of Enterprise Assets'. Why is this considered the foundational control?
Answer options:
A. It is the easiest to implement.
B. You cannot secure what you do not know you have.
C. It is required by the IRS.
D. It prevents malware execution.
How to approach this question
Logic: Step 1 of protecting a house is knowing where the doors and windows are.
Full Answer
B. You cannot secure what you do not know you have. ✓ Correct
CIS Control 1 emphasizes that attackers scan for unprotected assets. If an organization does not have an accurate inventory, it cannot apply security controls (patching, configuration) to those 'shadow' assets.
Common mistakes
Thinking antivirus (Control 10) is first.